by lexxed 3114 days ago
Isn't that what https is for? So no one can read the traffic?
4 comments

Even with encrypted traffic, an attacker can learn things, especially if you get DNS and SNI data.

I suspect (but cannot prove) that this might have been a leak from Russia's internal internet into the wider global net. Since Russia isn't well known for its privacy-respecting nature, it might have been a traffic scanner to see if people are being good citizens. However, that is just speculation and I hope it's wrong.

Yep, all you need to know is the IP addresses of certain domains (say Facebook) and then look for a user IP transferring a lot of data to it, meaning they are probably uploading a photo. Now tie that IP to an ISP and maybe a user and you can find out who might be posting derogatory memes about Putin.

But you don't have to change routing for that - you can do that with just passive monitoring. And by the way, the law [1] that requires ISPs to store up to 6 months' worth of traffic is coming into effect next year. So even monitoring won't be necessary.

Maybe they were testing effective ways to block foreign sites?

[1] https://en.wikipedia.org/wiki/Yarovaya_law

> Since Russia isn't well known for its privacy-respecting nature, it might have been a traffic scanner to see if people are being good citizens.

Yes, indeed! Guilty until proven guilty! Keep up the upstanding attitude, good citizen!

China did the same but on a bigger scale in the past. The reason to do this is to store all traffic for future analysis. Now it is protected by https but there is no protocol or cryptography which couldn't be exploited in the future.

https://arstechnica.com/information-technology/2010/11/how-c...

Google themselves have done the same thing https://www.theregister.co.uk/2017/08/27/google_routing_blun....

But as we all know, NSA does store all traffic for future analysis. A BGP leak from China or Russia, be that as it may, almost surely has nothing to do with storing traffic.

> But as we all know, NSA does store all traffic for future analysis.

{{Citation needed}}

Don't be daft. People said the same thing about the NSA sniffing traffic before Snowden, and big fucking surprise, it turned out to be true.

Nothing in Snowden's docs says that the NSA was collecting and storing all the traffic it could find for later analysis, which was GGP's unsupported claim.

Isn't forward secrecy helpful in protecting against exactly this kind of thing?

That only protects against breaches of the long-term key, not against attacks on the cipher itself, AFAIK. So if in the future they manage to attack AES (or whatever cipher the connection was using), forward secrecy won't help.

If you use 1024 bit DH with a common group (old/misconfigured web and email servers do this) then it is suspected nation states can break the DH, get the shared symmetric key and decrypt all traffic.

For ECDHE over P-256, they would need to wait for a big quantum computer (which will break all recorded traffic that used a non-quantum resistant key exchange, which is all current traffic).

Are you sure your apps fail to connect if they don't negotiate forward secrecy?
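
Added example, not part of the thread: one way for a Python client to refuse any connection that does not negotiate forward secrecy, offering only ECDHE suites so a server cannot fall back to static RSA or to finite-field DH on a weak common group. The function names are hypothetical, and the suite-name prefixes assume OpenSSL-style names as reported by Python's `ssl` module.

```python
import socket
import ssl

# Assumption: OpenSSL-style suite names. "TLS_" names are TLS 1.3 suites,
# whose full handshakes always use an ephemeral (EC)DHE key exchange.
FS_PREFIXES = ("ECDHE-", "DHE-", "TLS_")


def is_forward_secret(cipher_name):
    """True if the suite name implies an ephemeral Diffie-Hellman exchange."""
    return cipher_name.startswith(FS_PREFIXES)


def fs_only_context():
    """Client context that offers only ECDHE suites (plus TLS 1.3)."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # ECDHE only: static-RSA key exchange is dropped, and finite-field DHE is
    # left out so the server cannot pick a 1024-bit common group.
    ctx.set_ciphers("ECDHE+AESGCM:!aNULL:!eNULL")
    return ctx


def offered_without_fs(ctx):
    """Names of suites the context would offer that lack forward secrecy."""
    return [c["name"] for c in ctx.get_ciphers()
            if not is_forward_secret(c["name"])]


def connect_fs_only(host, port=443, timeout=5.0):
    """Connect, then fail closed if the negotiated suite is not forward secret."""
    ctx = fs_only_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, protocol, _bits = tls.cipher()
            if not is_forward_secret(name):
                raise ssl.SSLError(f"{name} has no forward secrecy")
            return name, protocol
```

A server that supports only static-RSA suites fails the handshake against this context instead of silently downgrading.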
Assuming that state level actors don’t have ways to get around https? I’d expect a nation like Russia could acquire or procure a new key for the targeted domains or perform some unknown 0 day attack on the targeted companies to acquire the original key.

Not with certificate pinning, which Google certainly has, and I’d be surprised if the other two didn’t. It is an issue for smaller sites (which might have been the real target).

I don't think IE supports pinning, though, so if they could reliably detect the browser at the TLS handshake stage (don't know if it's possible) they could in theory serve their own cert to those users.

> so if they could reliably detect the browser at the TLS handshake stage (don't know if it's possible)

It's possible and easy, the list of ciphers in the ClientHello is different. Take a look at https://www.ssllabs.com/ssltest/clients.html to see what several popular browsers look like.

They still could perform a previously unknown attack to grab the original key. There could be a side channel attack that we are unaware of that could give out enough information to reconstruct the key. Heck, I just saw a post today about an oracle attack on TLS called ROBOT that a lot of big players are vulnerable to.

Performing a DNS hijack has more uses than just reading the traffic. It gives you information on the amount of data that is sent towards a given prefix (among other uses, this can help for creating DDoS attacks later). It also makes those prefixes unavailable for as long as the attack persists, which is already a form of denial of service.